This document describes how to recover the enable
password and the enable secret
passwords. These passwords protect access to privileged EXEC and configuration
modes. The enable password password can be
recovered, but the enable secret password is
encrypted and must be replaced with a new password. Use the procedure described
in this document in order to replace the enable
secret password.

The information in this document is based on the Cisco 3700 Series
Routers.

The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.

If you can access the router, type show
version at the prompt, and record the configuration register
setting. See Example of Password Recovery
Procedure in order to view the output of a show
version command

Note: The configuration register is usually set to 0x2102 or 0x102. If
you can no longer access the router (because of a lost login or TACACS
password), you can safely assume that your configuration register is set to
0x2102.

Use the power switch in order to turn off the router, and then turn
the router back on.

Important Notes:

In order to simulate this step on a Cisco 6400, pull out and
then plug in the Node Route Processor (NRP) or Node Switch Processor (NSP)
card.

In order to simulate this step on a Cisco 6x00 with NI-2, pull
out and then plug in the NI-2 card.

Press Break on the terminal keyboard within 60
seconds of power up in order to put the router into ROMMON.

The show running-config command shows
the configuration of the router. In this configuration, the
shutdown command appears under all interfaces, which
indicates all interfaces are currently shut down. In addition, the passwords
(enable password, enable secret, vty, console passwords) are in either an
encrypted or unencrypted format. You can reuse unencrypted passwords. You must
change encrypted passwords to a new password.

Type configure terminal.

The hostname(config)# prompt
appears.

Type enable secret
<password> in order to change the
enable secret password. For example:

hostname(config)#enable secret cisco

Issue the no shutdown command on every
interface that you use.

If you issue a show ip interface brief
command, every interface that you want to use should display up
up.

Type config-register
<configuration_register_setting>.
Where
configuration_register_setting
is either the value you recorded in step 2 or
0x2102. For example:

hostname(config)#config-register 0x2102

Press Ctrl-z or end in order to
leave the configuration mode.

The hostname# prompt appears.

Type write memory or copy
running-config startup-config in order to commit the changes.

This section provides an example of the password recovery procedure.
This example was created with a Cisco 2600 Series Router. Even if you do not
use a Cisco 2600 Series Router, this output provides an example of what you
should experience on your product.